clj-sandbox

My attempt to write a sandboxing library for clojure to allow secure execution of untrusted code

h1. Warning

In Clojure 1.2 the :initial feature isn’t working at the moment!!! h1. clj-sandbox

Why clj-sandbox?

Well the short story is, because it is cool. There are so many things you can do when sandboxing code is dead simple. That is what I hope clj-sandbox will do, allow clojure code to add sandboxing with less then 5 lines of code.

Of cause that is a idealistic view, to really customize the sandbox you might need 10 lines ;).

Long story? I need sandboxing for a project, and on #clojure hiredman, bsteuber and me got in a talk how nice it would be to have a simple sandbox library. So the next day I decided that I take it upon me to make it reality ;). Truth be told, hiredman did a very good job for clojurebot, I lot of code and ideas were pioneered by him :)

h2. Usage

1) create a .java.policy file to grant your code rights.

h3. Simple example

In your code this will give you a very simple sandbox without jvm sandboxing:

bc. (use ‘net.licenser.sandbox) (def my-sandbox (stringify-sandbox (new-sandbox))) (my-sandbox “(+ 1 1)”)

h3. More advanced example

If you want more security and posibilties

bc. (use ‘net.licenser.sandbox) (enable-security-manager) (def sc (stringify-sandbox (new-sandbox-compiler))) (def my-really-secure-add (sc “(+ a b)” ‘a ‘b)) (my-really-secure-add {} 23 19) ;=> 42

h3. Real world examples.

What better example as what people actually do with the code?

Of cause “EPIC”:http://github.com/Licenser/EPIC uses clj-sandbox to run user scripts

defn’s “walton”:http://github.com/defn/walton tool uses clj-sandbox to get better answers for your questions.

Raynes’s IRC-bot “sexpbot”:http://github.com/Raynes/sexpbot uses clj-sandbox too let users evaluate and test code in the IRC.

“clicki”:http://github.com/Licenser/clicki, a crazy wiki that lets user define the entire webside (code and everything) within itself.

See even now there are very varity usages for a sandbox and I hope there will be many more.

h2. Installation

Add the following to your project.clj in leiningen:

[clj-sandbox “0.3”]

h2. License

Copyright © 2009 Heinz N. Gies and Anthony Simpson.

This code is published under the EPL, have fun! See LICENSE.html for the booring stuff.

h2. Thanks

Thanks to hiredman from #clojure for the patience with my question and the code for the JVM jail :). Also thanks to Raynes from #clojure for using and testing the library, spotting evilish bugs, proofreading the comments and some improvements :D!

Related Repositories

clj-sandbox

clj-sandbox

My attempt to write a sandboxing library for clojure to allow secure execution of untrusted code ...

clj-diogok-sandbox

clj-diogok-sandbox

My Clojure sandbox/utils namespaces and scripts on file, io, http and etcetera. ...

tryclojure

tryclojure

A little web-based Clojure REPL powered by clj-sandbox. ...

clj-sandbox

clj-sandbox

My attempt to write a sandboxing library for clojure to allow secure execution of untrusted code ...


Top Contributors

Licenser Raynes